[PATCHES] nss-wrapper 1.1.2 in samba -- and fixes for samba

Michael Adam obnox at samba.org
Mon Jan 11 02:02:54 UTC 2016


On 2016-01-08 at 10:49 +0100, Andreas Schneider wrote:
> On Wednesday 23 December 2015 18:24:37 Michael Adam wrote:
> > FYI I had a discussion with Metze.
> > He requested to do the change I did with the
> > addition to tsocket differently, adding a helper
> > function to (e.g.) the torture code instead.
> > 
> > I will follow up with an updated patchset.
> 
> reminder ;)

Updated patchset of the fixes to testcases (without adding
a function to tsocket) attached.
The nwrap patches are not changed and not re-attached here.

Review appreciated!

Thanks - Michael
-------------- next part --------------
From 4053e401f1d036365b1f47df4c77b9ccd44a654c Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:56:16 +0100
Subject: [PATCH 1/5] torture: fix the ldap.cldap test

This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source4/torture/ldap/cldap.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 6a925cf..6a9e9e1 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "libcli/cldap/cldap.h"
 #include "libcli/ldap/ldap_client.h"
+#include "libcli/resolve/resolve.h"
 #include "param/param.h"
 #include "../lib/tsocket/tsocket.h"
 
@@ -87,10 +88,20 @@ static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
 	const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
 	const char *attrs3[] = { "netlogon", NULL };
 	struct tsocket_address *dest_addr;
+	const char *ip;
+	struct nbt_name nbt_name;
 	int ret;
 
+	make_nbt_name_server(&nbt_name, dest);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
 	ret = tsocket_address_inet_from_strings(tctx, "ip",
-						dest,
+						ip,
 						lpcfg_cldap_port(tctx->lp_ctx),
 						&dest_addr);
 	CHECK_VAL(ret, 0);
-- 
2.5.0


From 440452659b8fc2bb42df260e050b9756d263759c Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:58:12 +0100
Subject: [PATCH 2/5] torture: fix the ldap.netlogon-udp test

This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source4/torture/ldap/netlogon.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index d632aaf..1b43ea7 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -25,6 +25,7 @@
 #include "libcli/cldap/cldap.h"
 #include "libcli/ldap/ldap_client.h"
 #include "libcli/ldap/ldap_ndr.h"
+#include "libcli/resolve/resolve.h"
 #include "librpc/gen_ndr/netlogon.h"
 #include "param/param.h"
 #include "../lib/tsocket/tsocket.h"
@@ -579,14 +580,24 @@ static NTSTATUS udp_ldap_netlogon(void *data,
 bool torture_netlogon_udp(struct torture_context *tctx)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *ip;
+	struct nbt_name nbt_name;
 	bool ret = true;
 	int r;
 	struct cldap_socket *cldap;
 	NTSTATUS status;
 	struct tsocket_address *dest_addr;
 
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
 	r = tsocket_address_inet_from_strings(tctx, "ip",
-					      host,
+					      ip,
 					      lpcfg_cldap_port(tctx->lp_ctx),
 					      &dest_addr);
 	CHECK_VAL(r, 0);
-- 
2.5.0


From e944a01e780ae57d2908240bbc57cafab9d493f8 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:59:40 +0100
Subject: [PATCH 3/5] torture: fix check_dom_trust_pw in the rpc:lsa test

This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source4/torture/rpc/lsa.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 4ba246f..d336016 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -36,6 +36,7 @@
 #include "source4/auth/kerberos/kerberos_util.h"
 #include "lib/util/util_net.h"
 #include "../lib/crypto/crypto.h"
+#include "libcli/resolve/resolve.h"
 #define TEST_MACHINENAME "lsatestmach"
 #define TRUSTPW "12345678"
 
@@ -4127,6 +4128,8 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p,
 	char *workstation = NULL;
 	const char *binding = torture_setting_string(tctx, "binding", NULL);
 	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *ip;
+	struct nbt_name nbt_name;
 	struct dcerpc_binding *b2;
 	struct netlogon_creds_CredentialState *creds;
 	struct samr_CryptPassword samr_crypt_password;
@@ -4182,8 +4185,16 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p,
 	cli_credentials_set_workstation(incoming_creds, workstation, CRED_SPECIFIED);
 	cli_credentials_set_secure_channel_type(incoming_creds, secure_channel_type);
 
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
 	rc = tsocket_address_inet_from_strings(tctx, "ip",
-					       host,
+					       ip,
 					       lpcfg_cldap_port(tctx->lp_ctx),
 					       &dest_addr);
 	torture_assert_int_equal(tctx, rc, 0,
-- 
2.5.0


From 91018f8b7e4569a957284f1f879e9e902d9cc22d Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:59:58 +0100
Subject: [PATCH 4/5] torture: fix check_pw_with_krb5 in the rpc:lsa test

Don't use AI_NUMERICHOST for getaddrinfo.
This is so that a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2)  which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/torture/rpc/lsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index d336016..d2180db 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -3217,7 +3217,7 @@ static bool check_pw_with_krb5(struct torture_context *tctx,
 	k5ret = smb_krb5_init_context(ctx, tctx->lp_ctx, &ctx->smb_krb5_context);
 	torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
 
-	ok = interpret_string_addr_internal(&ctx->server, host, AI_NUMERICHOST);
+	ok = interpret_string_addr_internal(&ctx->server, host, 0);
 	torture_assert(tctx, ok, "Failed to parse target server");
 	talloc_set_destructor(ctx, check_pw_with_krb5_ctx_destructor);
 
-- 
2.5.0


From f44da22b69af474d29ac21b3e0dcd082d0c6b3e7 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Fri, 18 Dec 2015 19:11:43 +0100
Subject: [PATCH 5/5] torture: Fix winbind.wbclient.ResolveWinsByIp test

The test gets handed a name, so we first need
to resolve the name to an IP before we can
pass that on to ResolveWinsByIp.

Bug uncovered by the new nss_wrapper code (1.1.2).

Signed-off-by: Michael Adam <obnox at samba.org>
---
 nsswitch/libwbclient/tests/wbclient.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index 5bce0ae..d482ed2 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -22,6 +22,7 @@
 #include "libcli/util/werror.h"
 #include "lib/util/data_blob.h"
 #include "lib/util/time.h"
+#include "libcli/resolve/resolve.h"
 #include "nsswitch/libwbclient/wbclient.h"
 #include "torture/smbtorture.h"
 #include "torture/winbind/proto.h"
@@ -418,10 +419,21 @@ static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
 static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
 {
 	const char *ip;
+	const char *host;
+	struct nbt_name nbt_name;
 	char *name;
 	wbcErr ret;
+	NTSTATUS status;
 
-	ip = torture_setting_string(tctx, "host", NULL);
+	host = torture_setting_string(tctx, "host", NULL);
+
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
 
 	ret = wbcResolveWinsByIP(ip, &name);
 
-- 
2.5.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160111/afb5b6b1/signature.sig>


More information about the samba-technical mailing list